Another consrv.dll Victim Needing Help

[essexboy]

OK lets check for damage

run farbar service scanner



Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

[adc]

Your link doesn't work, but I found it. 

FSS.txt attached.

[essexboy]

Oops my error a different forum software

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.

I am just going to upload to my site the registry keys that you are missing
Download them to your desktop
Right click each one and select merge
Accept the warnings and then re-run Farbar

https://skydrive.live.com/?cid=32D8666F4048075B&id=32D8666F4048075B%21117&sc=documents

Files are :
wscsvc.reg
bfe.reg
MpsSvc64.reg

[adc]

All 3 Reg files Merged successfully.

FSS.txt attached.

[essexboy]

Could you now reboot and try the firewall and defender

[adc]

Reboot...

Windows Defender is still stopped and issues an error when attempting to Start.

"The specified service does not exist as an installed service. (Error Code: 0x80070424)"

The Firewall is still giving the same error as before.

[essexboy]

Well all the related files and keys are there so lets go for an automated fix to kick start them

Download  Windows Repair (all in one)  from this site

Install the programme then run

Go to step 2 and allow it to run Disc check (This stage can be skipped)


Once that is done then go to step 3 and allow it to run SFC



On the start repairs tab select advanced mode and click start


Select the items ticked(remove the ticks from the rest ) and tick restart system when finished

[adc]

Tweaking is still working hard at Step 5....

I forgot to tick Restart. Presume manual restart okay?

[essexboy]

Aye that will work

Did the sfc scan do any changes ?

[adc]

Aye that will work

Did the sfc scan do any changes ?

SFC results indicated;

"Windows Resource Protection did not find any integrity violations."

Tweaking just finished. Asking for restart.

p.s.
It's getting to be pretty late where you are..

How much longer will you be available?

[adc]

Machine is back up.

The Firewall and Defender are still down.
The Firewall error appears to have changed from "0x80070424"

Current error;
"Windows Firewall can't change some of your settings.
Error code 0x8007042c"

Can't restart Defender either.

[adc]

During the current lull period I ventured to the below Microsoft website and within the 11 pages I found the solution, as did many others. My Base Filtering Engine (BFE), Windows Firewall, Windows Defender are currently running.  

Error Code 0x80070424 with Windows Firewall, Defender in Windows 7

In addition I found that the protections on the laptop's 2nd Hard drive (D:) had been removed. Protection was probably disabled on D: drive during the recent Malware Attack, and rendered it unusable. I re-enabled protection on it to bring it back to life.

I will continue to monitor the operation of the laptop, and see if there is anything else that falls in the category of strange behavior of the OS.

For now everything is going okay, and I have attached a current FSS.exe scan.

Thank you again for your expertise, and time.

I will be standing by in case you have any other requests.

Cheers,
Al

[adc]

Essexboy,

I no longer have the laptop in my possession as the owner came tonight to pick it up.

It was recommended that the owner just shut the laptop off and bring it back to me immediately if the Fake Security Malware appears again. Hopefully the problem won't come back. 

THX to all.   

Al

 

[essexboy]

Yes that looked clear.  The problem I saw with the last Farbar scan was that the services were set to disabled and windows repair should have reset them as all the keys and files were in the right place just not started

The only follow up I was going to do was to remove the tools

[adc]

Yes that looked clear.  The problem I saw with the last Farbar scan was that the services were set to disabled and windows repair should have reset them as all the keys and files were in the right place just not started.

The only follow up I was going to do was to remove the tools

I received a call from the laptop's owner last late night, and he was very pleased that the malware infection was eliminated. 

It was a pleasure to work with you.

Clean-up accomplished.    Removing the tools, reg files, and logs was the last item of business before returning the laptop. 

Cheers,
Al